BlogsIlone Harrison's blog

What's the best way to secure on old PC for a new owner?

Submitted by Ilone Harrison on June 12, 2009 - 8:59am

http://www.washingtonpost.com/wp-dyn/content/article/2009/06/11/AR200906...

Link to PC World/Washington Post article, "Remove Sensitive Data Before You Sell an Old PC", 2009-Jun-11. From the article:

"Anyone with a cheap data recovery program can recover your recently deleted files--even if you've emptied the recycle bin. They can also get files off a freshly-formatted hard drive."

Disk wiping tools, anyone?

0
No votes yet
Your rating: None
Tags:

Comments

DBAN

Rouben's picture
Submitted by Rouben on June 15, 2009 - 10:24am.

How about Darik's Boon and Nuke (DBAN)? It's been recognized by the government of Canada not too long ago.

http://www.dban.org/

LOL I still keep a stack of

Don Banh's picture
Submitted by Don Banh on June 15, 2009 - 1:51pm.

LOL I still keep a stack of hard drives in my basement

Necklace of honour/shame

Rouben's picture
Submitted by Rouben on June 16, 2009 - 11:47am.

At UTSC we used to the steel cables for securing workstations to build hard drive platter necklaces... Well we only built one so far. The best way to destroy your data: make a fashion statement out of it! I'm thinking of building a kilt next. :)

DBAN!

Submitted by dauclair on June 18, 2009 - 2:09pm.

Ditto. DBAN is an excellent tool for general purpose data destruction.

Secure destruction

Ilone Harrison's picture
Submitted by Ilone Harrison on June 16, 2009 - 12:28pm.

The key question is how we most effectively destroy the data, make it unusable. Once the data has been securely destroyed, the fashion possibilities could be interesting - remember the credit card dress? I expect those weren't real names or credit card numbers, though - the personal/confidential information would have been removed first, if it had ever been there at all.

Full disk encryption could make the data unavailable except to the intended user(s). I wonder whether wholly encrypted disks would need to be wiped when going to a new user or being taken out of commission.

Probably not... because

Rouben's picture
Submitted by Rouben on June 17, 2009 - 12:02am.

Probably not... because encrypted data is supposed to look like "random" data. That's a good question though. IMO while the risk of data theft certainly increases when you dangle encrypted data out in the open, but by how much?

Secure Data Destruction

Submitted by dauclair on June 18, 2009 - 2:06pm.

Although the DoD 5520.22-M specification on data sanitization has recently changed to include only physical destruction, the former spec specified using an overwrite method. According to NIST 800-88, "studies have shown that most of today's media can be effectively cleared by one overwrite".

DBAN running a DoD-Short (3 pass) disk wipe is a very effective way to destroy all addressable disk sectors.

(The reasons that the DoD spec have changed is because remapped sectors (although damaged) may still contain tiny bits of recoverable data)

In cases where the hardware's damaged, come on over to the machine room, we've got a drive degausser.

E-waste containing personal information and security data

Ilone Harrison's picture
Submitted by Ilone Harrison on June 25, 2009 - 11:50am.

Thanks for the invitation to degauss. Here's an example of what can happen when a drive isn't properly cleared - criminal gangs target e-waste - in a Globe and Mail article, 'UBC journalism students find sensitive data in digital dumps' (2009-Jun-25).

http://www.theglobeandmail.com/news/national/ubc-journalism-students-fin...